Deploying with Microsoft Intune

Step 1 - Enable Intune Integration in Patch Desktop

Connect Patch Desktop directly to Intune to upload configuration profiles without manual export or using the Intune web interface.

Optional Integration

Enabling the integration is not required to deploy Alectrona Patch with Intune. You can also choose to export the configuration profile from Patch Desktop and upload it to Intune manually.

Create an Intune App Registration for Patch Desktop Integration

1. Create an App Registration in Microsoft Entra ID and record the Application (client) ID and Directory (tenant) ID for use in Patch Desktop.
2. Create a client secret for the App Registration in the Certificates & secrets section and record the value for use in Patch Desktop.
3. Assign the API permissions listed below to the App Registration and grant admin consent.

• DeviceManagementConfiguration.Read.All
• DeviceManagementConfiguration.ReadWrite.All
• DeviceManagementManagedDevices.Read.All
• DeviceManagementRBAC.Read.All
• DeviceManagementRBAC.ReadWrite.All
• DeviceManagementScripts.Read.All
• DeviceManagementScripts.ReadWrite.All
• DeviceManagementServiceConfig.Read.All
• DeviceManagementServiceConfig.ReadWrite.All

More information about App Registrations and Microsoft Graph API Permissions

• Microsoft - Register an application in Microsoft Entra ID
• Microsoft - Microsoft Graph Permissions Reference

Step 2 - Connect Patch Desktop to Intune

Open Settings

In Patch Desktop, open Settings from the sidebar.

Add Intune Server

Next, select Intune and click + to add a server.

Enter Server Details

Enter your Intune server details along with the API Client credentials you configured and click Add Server.

Integration Ready

Intune integration is now active, allowing you to upload configuration profiles directly to Intune from Patch Desktop.

Step 3 - Create Your Patch Profile in Patch Desktop

Use Patch Desktop to build your Alectrona Patch configuration—select apps to keep up to date or install, and customize the end-user experience with branding and notifications—all in one place.

Configure Your License and Initial Settings

Enter License

In Patch Desktop, navigate to Configuration > General and enter your Patch License. Click Validate to confirm the license is valid and active. This will unlock the full functionality of Patch Desktop.

General Settings

Next, review and adjust any additional General options as desired. Additionally, adding update allow/blackout windows can be helpful to avoid patching during business hours or other critical times.

Notification Settings

In Configuration > Menu Bar App, enable the Patch Menu Bar app and Notification Center alerts to provide users with unmatched balance between visibility and non-intrusiveness for patch notifications.

tip

We recommend adding your own custom branding to the Menu Bar app and notifications by uploading your own icons and text preferences in the Menu Bar App settings.

Deferral Limit Settings

Under Configuration > Deferral Limits, we recommend enabling a Global Deferral Limit as well as any individual deferral limits to ensure managed apps are patched within a reasonable time.

Preview Your Configuration

Preview your configuration settings in the Patch Playground to see exactly how your users will experience patch notifications and interactions. This is a great way to ensure your settings are configured as desired before deploying to your environment.

Choose Your Apps

With your desired configuration settings in place, navigate to the Patch Catalog inside Patch Desktop and choose the apps you would like to manage. We recommend that you toggle the Update functionality for any apps deployed in your environment. This ensures those apps are kept up to date if they are installed on any endpoints.

Optionally, you can enable Update All which will configure Alectrona Patch to automatically update every third-party app installed on your Macs that exist in the Patch Catalog. For any software titles you prefer to not update, toggle the Update button off for that app which will exclude it from receiving updates from Alectrona Patch.

Recommended Settings for Intune

For Microsoft Intune, we recommend toggling both Install and Update for each software title you would like to manage in your environment. Leveraging the Install feature of Alectrona Patch is an easy way to not only keep your managed apps up to date, but ensure all chosen apps are installed on the client Mac if not already installed. This also helps speed up deployment on newly enrolled Macs!

Step 4 - Upload Configuration Profile to Microsoft Intune

Export Profile

Click Export in the top right of Patch Desktop or choose File > Export mobileconfig to export your configuration profile.

Review Payloads

Review the included payloads, then click Upload to MDM.

Managing Multiple Profiles

All payloads are enabled by default. Toggle any off only if you plan to manage them in separate configuration profiles.

Set Upload Options

Review the name and description, select a category and confirm scope, then click Upload.

Replacing Existing Profiles

You can choose to replace an existing Alectrona Patch configuration profile with the same name during upload.

Open in Intune

Once uploaded, you can immediately open the profile in Intune.

Required Permissions

A Privacy Preferences Policy Control (PPPC) configuration profile (see below) is required to ensure Alectrona Patch functions properly.

Additionally, if you enable the Patch Menu Bar app, deploy a profile that configures Notification Center Alerts or Banners for Patch. Example profiles for persistent alerts or temporary banners are provided below.

Required Profiles

• Alectrona Patch PPPC Profile - Updated Feb. 2026
• Enable Notification Center Alerts - Enable persistent notifications (recommended)
• Enable Notification Center Banners - Enable temporary notifications
• Managed Login Items Profile - Prevents users from disabling background items for Patch (recommended)

Note: Banners disappear automatically, while alerts remain on screen until dismissed. Choose the profile that matches your desired behavior.

Included in Patch Desktop

Patch Desktop 2.1+ can automatically include these required payloads in the generated Patch Profile, eliminating the need to deploy the profiles separately.

Step 5 - Deploy Alectrona Patch 🎉

Scripted Install (Recommended)

1. Download and save our install script.
2. Inside Microsoft Intune, navigate to Devices > macOS > Shell scripts and click Add.
3. Name the script (e.g. Install Alectrona Patch), upload it, and assign it to devices. Under script settings, toggle Run the script as signed-in user off and Hide script notifications on devices to Yes. The additional settings can be left as Not configured.

Package Installation

1. Download the Alectrona Patch package from your welcome email.
2. In Microsoft Intune, navigate to Apps > macOS and choose Add.
3. Under App type, select macOS app (PKG).
4. Upload the Alectrona Patch package, complete the required details, and assign it to devices to create the install policy.